Greetings,

We are currently using HTTP::Daemon to prototype a project and have a need to access headers in the order they were sent over the network. Our particular use case is cryptographically signing a subset of the headers and sending this signature as an additional header.

A specified set of headers are to be included in the signature if present in the request. We join the content of these headers (with "\n") then calculate the expected signature and compare it to the value submitted by the client. In order to get the same signature, we must join the header content in the same order as the client. If we only needed to support Perl clients using LWP::UserAgent, this wouldn't be an issue as HTTP::Daemon and LWP::UserAgent both use HTTP::Headers and the order the headers will be presented to the consuming script is predictable. Unfortunately, we must support multiple languages.

The HTTP client is allowed to join the headers in preparation for signing in any order it wishes so long as it then sends the headers in the same order over the network. The attached patch stores the order headers are added to the HTTP::Headers object in an arrayref ($self->{_wire_order}). The header_field_names and scan methods are extended to take an optional value that, if present and true, causes the headers to be returned/visited based on the order of elements in $self->{_wire_order} rather than the existing 'best practices' order. The next logical step would be similar extension to the as_string method.

This code has been tested and, thanks to great tests, I was able to catch missing the clear method in my first go at the functionality. All tests currently pass except for a few[1] that seem to be related to the new run_handler method[2]. I'm a bit unsure that the push within the _header method does the right thing in all cases (particularly adding an additional value to an existing header and replacing an existing header with a new value).

This patch does include an update to the relevant docs but does not include new tests. Should the functionality be deemed useful for inclusion in libwww-perl I can go ahead and extend the as_string method and add some new tests to match the new functionality.

[1]
Failed Test      Stat Wstat Total Fail  Failed  List of Failed
-------------------------------------------------------------------------------
local/get.t                     2    2 100.00%  1-2
local/http-get.t               21    4  19.05%  5-6 19-20
local/http.t                   18    1   5.56%  5

I spent a bit of time investigating this and it seems the callback coderef LWP::Simple::getprint() does not receive the arguments it expects:

carrotcake:lwp mgreb$ /usr/bin/perl -I./lib -MLWP::Simple -e 'getprint("http://google.com")'
P
HASH(0x8d77c0)P
HASH(0x8c502c)P
HASH(0x8e0a3c)P

[2] commit c554ba9ec3f95e7632df6d5ddcdad3a929cf4556

Mike

--
Michael Greb
Linode.com
609-593-7103 ext 1205


Attachment: 0001-FIFO-header-order-support-in-HTTP-Headers.patch
Description: Binary data

Attachment: PGP.sig
Description: This is a digitally signed message part
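
The signing scheme described in the message, as an added Perl example that is not part of the original post or the attached patch: it keeps header fields in arrival order by parsing the raw header block itself instead of using the patch's extended HTTP::Headers methods, then shows that a reordered header list no longer matches the client's signature. HMAC-SHA256, the X-Signature header name, the list of signed headers, the key and the sample request are all assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed for illustration (not from the message): HMAC-SHA256 as the
# signature, "X-Signature" as its header, and this set of signed headers.
my %SIGNED = map { $_ => 1 } qw(host date content-type);

# Parse a raw header block, keeping fields in the order they arrived.
sub parse_wire_order {
    my ($raw) = @_;
    my @fields;
    for my $line (split /\r?\n/, $raw) {
        last if $line eq '';
        $line =~ /^([^:\s]+):[ \t]*(.*?)[ \t]*$/ or die "malformed header line\n";
        push @fields, [ $1, $2 ];
    }
    return \@fields;
}

# Join the values of the signed headers that are present, in list order.
sub signing_string {
    my ($fields) = @_;
    return join "\n", map { $_->[1] } grep { $SIGNED{ lc($_->[0]) } } @$fields;
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub verify {
    my ($raw, $key) = @_;
    my $fields = parse_wire_order($raw);
    my @sig = map { $_->[1] } grep { lc($_->[0]) eq 'x-signature' } @$fields;
    return 0 unless @sig == 1;    # reject a missing or duplicated signature
    return constant_time_eq(hmac_sha256_hex(signing_string($fields), $key), lc($sig[0]));
}

# Constructed sample request: the client signs in the order it will send.
my $key  = 'constructed-demo-key';
my @sent = ([ Date => 'Tue, 01 Jan 2008 00:00:00 GMT' ], [ Host => 'api.example.test' ],
            [ 'User-Agent' => 'demo/0.1' ], [ 'Content-Type' => 'text/plain' ]);
my $sig = hmac_sha256_hex(signing_string(\@sent), $key);
my $raw = join '', map { sprintf("%s: %s\r\n", @$_) } @sent, [ 'X-Signature' => $sig ];
print "wire order:  ", (verify($raw, $key) ? "ok" : "FAIL"), "\n";
my $resorted = signing_string([ sort { lc($a->[0]) cmp lc($b->[0]) } @sent ]);
print "name-sorted: ", (hmac_sha256_hex($resorted, $key) eq $sig ? "ok" : "mismatch"), "\n";
```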
